Robust EC-PAKA Protocol for Wireless Mobile Networks


International Journal of Mathematical Analysis, Vol. 8, 2014, no. 51, 2531-2537
HIKARI Ltd, www.m-hikari.com
http://dx.doi.org/10.12988/ijma.2014.410298

Eun-Jun Yoon (corresponding author; Fax: +82-53-600-5579)
Department of Cyber Security, Kyungil University
Kyungsangpuk-Do 712-701, Republic of Korea

Copyright © 2014 Eun-Jun Yoon. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

This paper proposes a new authentication key agreement protocol based on elliptic curves for wireless mobile networks that provides secure mutual authentication and key agreement with key confirmation. The proposed protocol achieves many of the desirable security requirements and performance properties compared with the related key agreement protocols.

Keywords: Key agreement; Authentication; Wireless mobile networks; Elliptic curve cryptography

1 Introduction

Due to limitations in power consumption, bandwidth and computation, an authentication key agreement protocol based on elliptic curve cryptography [1, 2] can be used in wireless mobile networks. In 2005, Sui et al. [3] proposed an elliptic curve based password authenticated key agreement (in short, EC-PAKA) protocol. In 2007, Lu et al. [4] proposed an enhanced EC-PAKA protocol to resist the off-line password guessing attack. In 2008, Chang-Chang [5] pointed out that Lu et al.'s enhanced EC-PAKA protocol cannot withstand the parallel guessing attack and then proposed security improvements on Lu et al.'s EC-PAKA protocol for wireless mobile networks. In 2012, Ahn-Yoon [6], however, showed that Chang-Chang's enhanced protocol is still vulnerable to off-line password guessing attacks.

To avoid the weakness in Chang-Chang's enhanced protocol, this paper proposes a robust password authenticated key agreement protocol based on elliptic curves (in short, REC-PAKA) for wireless mobile networks. The proposed REC-PAKA protocol achieves many of the desirable security requirements and performance properties compared with the related EC-PAKA protocols.

The rest of this article is organized as follows. The proposed REC-PAKA protocol is given in Section 2. Next, the security of the proposed REC-PAKA protocol is analyzed in Section 3. Finally, Section 4 makes concluding remarks.

2 Proposed REC-PAKA protocol

This section proposes the REC-PAKA protocol for wireless mobile networks. The following notations are used throughout this paper.

Alice (A), Bob (B): Two communication users;
$E$: An elliptic curve defined over a finite field A with large group order;
$n$: A secure large prime number;
$P$: A point in $E$ with large order $n$;
$D$: A uniformly distributed dictionary of size $|D|$;
$S$: A low-entropy password shared between Alice and Bob, which is randomly chosen from $D$;
$t$: The value $t$ is derived from the password $S$ in a predetermined way, which is uniformly distributed in $Z_n$;
$H(\cdot)$: A secure one-way hash function;
: Concatenation of messages;

Fig. 1 depicts the proposed REC-PAKA protocol, which works as follows:

Step 1. A → B: $\{A, Q_{A1}, Q_{A2}\}$

A first chooses a random number $d_A \in [1, n-1]$, and then computes the following:

$$Q_{A1} = (d_A + t)P \tag{1}$$

$$Q_{A2} = d_A^2 P \tag{2}$$

Finally, A sends the message $\{A, Q_{A1}, Q_{A2}\}$ to B.

Figure 1: Proposed REC-PAKA protocol for wireless mobile networks

Alice (A) holds $(S, t)$; Bob (B) holds $(S, t)$.

Alice: Choose random $d_A \in [1, n-1]$
Alice: Compute $Q_{A1} = (d_A + t)P$
Alice: Compute $Q_{A2} = d_A^2 P$
Alice → Bob: $\{A, Q_{A1}, Q_{A2}\}$
Bob: Choose random $d_{B1}, d_{B2} \in [1, n-1]$
Bob: Compute $Y = Q_{A1} - tP = d_A P$
Bob: Compute $Q_{B1} = d_{B1} P + d_{B2} Y$
Bob: Compute $K_B = d_{B1} Y + d_{B2} Q_{A2}$
Bob: Compute $H_B = H(A \; B \; Q_{A1} \; Q_{A2} \; Q_{B1} \; K_B)$
Bob → Alice: $\{B, H_B, Q_{B1}\}$
Alice: Compute $K_A = d_A Q_{B1} = d_{B1} d_A P + d_{B2} d_A^2 P$
Alice: Verify $H(A \; B \; Q_{A1} \; Q_{B1} \; K_A) \stackrel{?}{=} H_B$
Alice: Compute $H_A = H(B \; A \; Q_{B1} \; Q_{A1} \; Q_{A2} \; K_A)$
Alice → Bob: $\{A, H_A\}$
Bob: Verify $H(B \; A \; Q_{B1} \; Q_{A1} \; Q_{A2} \; K_B) \stackrel{?}{=} H_A$
Both: Session key $sk = H(K_A) = H(K_B)$

Step 2. B → A: $\{B, H_B, Q_{B1}\}$

Upon receiving the message $\{A, Q_{A1}, Q_{A2}\}$, B also chooses two random numbers $d_{B1}, d_{B2} \in [1, n-1]$, and then computes the following:

$$Y = Q_{A1} - tP = d_A P \tag{3}$$

$$Q_{B1} = d_{B1} P + d_{B2} Y \tag{4}$$

$$K_B = d_{B1} Y + d_{B2} Q_{A2} \tag{5}$$

$$H_B = H(A \; B \; Q_{A1} \; Q_{A2} \; Q_{B1} \; K_B) \tag{6}$$

Finally, B sends $\{B, H_B, Q_{B1}\}$ to A.

Step 3. A → B: $\{A, H_A\}$

Upon receiving the message $\{B, H_B, Q_{B1}\}$, A computes

$$K_A = d_A Q_{B1} = d_{B1} d_A P + d_{B2} d_A^2 P \tag{7}$$

and then checks whether the equality

$$H(A \; B \; Q_{A1} \; Q_{A2} \; Q_{B1} \; K_A) \stackrel{?}{=} H_B \tag{8}$$

holds or not. If it holds, A computes and sends

$$H_A = H(B \; A \; Q_{B1} \; Q_{A1} \; Q_{A2} \; d_A P) \tag{9}$$

to B.

Step 4. Upon receiving the message $\{A, H_A\}$, B checks whether the equality

$$H(B \; A \; Q_{B1} \; Q_{A1} \; Q_{A2} \; K_B) \stackrel{?}{=} H_A \tag{10}$$

holds or not.

Finally, A and B agree on the common session key $sk = H(K_A) = H(K_B)$. Both sides will agree on the session key $sk$ if all communication steps are executed correctly. Once the REC-PAKA protocol run completes successfully, both parties may use $sk$ to encrypt their subsequent session traffic in order to create a confidential communication channel.

3 Security Analysis

This section analyzes the security of the proposed REC-PAKA protocol.

3.1 Replay attack

Suppose an attacker Eve intercepts $\{A, Q_{A1}, Q_{A2}\}$ from Alice in Step 1 and replays it to impersonate Alice. However, Eve cannot compute a correct session key $K_A$ and deliver it to Bob in Step 3 unless he/she can correctly guess the secret value $t$ to obtain $d_A P$ and guess the right $d_{B1}$ and $d_{B2}$ from $Q_{B1}$. When Eve tries to guess $d_A$ from $d_A P$, or $d_{B1}$ and $d_{B2}$ from $Q_{B1}$, he/she will face the Elliptic Curve Discrete Logarithm Problem (ECDLP). On the other hand, suppose Eve intercepts $\{B, H_B, Q_{B1}\}$ from Bob in Step 2 and replays it to impersonate Bob. For the same reason, if Eve cannot gain the correct $d_A$ from $Q_{A1}$, Alice will find out that $H_B$ is not equivalent to his/her computed hash value. Then, Bob will not send $\{A, H_A\}$ back to Eve in Step 3. Therefore, the proposed REC-PAKA protocol can withstand the replay attack.
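An added example (not code from the paper): one simulated run of Steps 1-4 of Section 2, showing that matching passwords give $K_A = K_B$ and that a mismatched password fails key confirmation. The curve (secp256k1), SHA-256, the field encoding inside `H`, and `derive_t` are assumptions; $H_A$ is computed over $K_A$ as in Figure 1, and Alice's check includes $Q_{A2}$ as in Eq. (8).

```python
import hashlib, hmac, secrets

# Assumption: secp256k1 (y^2 = x^3 + 7 over F_p) stands in for the paper's curve E.
P_MOD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time)."""
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def H(*fields):
    """SHA-256 over '|'-joined field reprs; this encoding is an assumption."""
    return hashlib.sha256("|".join(repr(f) for f in fields).encode()).digest()

def derive_t(password):  # assumed mapping; the paper only says "predetermined"
    return int.from_bytes(hashlib.sha256(password.encode()).digest(), "big") % (N - 1) + 1

def run(pw_alice, pw_bob):
    """Simulate one run; return sk, or None when key confirmation fails."""
    t_a, t_b = derive_t(pw_alice), derive_t(pw_bob)
    d_a = secrets.randbelow(N - 1) + 1
    q_a1, q_a2 = mul((d_a + t_a) % N, G), mul(d_a * d_a % N, G)  # Step 1: (1), (2)
    d_b1, d_b2 = (secrets.randbelow(N - 1) + 1 for _ in range(2))
    tp = mul(t_b, G)
    y = add(q_a1, (tp[0], -tp[1] % P_MOD))         # (3): Y = Q_A1 - tP
    q_b1 = add(mul(d_b1, G), mul(d_b2, y))         # (4)
    k_b = add(mul(d_b1, y), mul(d_b2, q_a2))       # (5)
    h_b = H("A", "B", q_a1, q_a2, q_b1, k_b)       # Step 2: (6)
    k_a = mul(d_a, q_b1)                           # Step 3: (7)
    ok_b = hmac.compare_digest(H("A", "B", q_a1, q_a2, q_b1, k_a), h_b)  # (8)
    h_a = H("B", "A", q_b1, q_a1, q_a2, k_a)       # sent only if (8) held
    ok_a = hmac.compare_digest(H("B", "A", q_b1, q_a1, q_a2, k_b), h_a)  # Step 4: (10)
    return H(k_a) if ok_b and ok_a else None       # sk = H(K_A) = H(K_B)
```

With different passwords, Bob's $Y$ is offset by $(t_A - t_B)P$, so $K_A$ and $K_B$ diverge and the check in Eq. (8) fails.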

3.2 Password guessing attacks

An on-line password guessing attack cannot succeed since Bob can choose appropriate trial intervals. On the other hand, in an off-line password guessing attack, Eve can try to find a weak password by repeatedly guessing possible passwords and verifying the correctness of the guesses based on information obtained in an off-line manner. In the proposed REC-PAKA protocol, Eve can gain the knowledge of $Q_{A1} = (d_A + t)P$, $Q_{B1} = d_{B1} P + d_{B2} Y$, $H_B$ and $H_A$ in Steps 1, 2, and 3, respectively. To obtain the password $S$ (or $t$) of Alice, Eve first guesses a password $S'$ (or $t'$) and then finds $d_A P = Q_{A1} - t'P$. By using $d_A P$ and $Q_{B1}$, Eve will try to compute the session key $sk = H(K_A) = H(K_B)$. However, Eve has to break the Elliptic Curve Discrete Logarithm Problem and the Elliptic Curve Diffie-Hellman Problem to find the keying material $sk$ from $d_A P$ and $Q_{B1}$ to verify his/her guess. But Eve cannot gain the session key without $d_A$ of $d_A P$ and $d_{B1}$ (or $d_{B2}$) of $Q_{B1}$. Therefore, the proposed REC-PAKA protocol can withstand the password guessing attacks.

3.3 Forgery attack

Without knowing the secret value $t$, Eve cannot make the forged message $\{A, Q_{A1}, Q_{A2}\}$ to cheat Bob. Without knowing the session key $K_B$, Eve cannot make the forged message $\{B, H_B, Q_{B1}\}$ to cheat Alice. Without knowing the session key $K_A$, Eve cannot make the forged message $\{A, H_A\}$ to cheat Alice. Therefore, the proposed REC-PAKA protocol can withstand the forgery attack.

3.4 Known-key security

In view of the randomness of $d_A$, $d_{B1}$, and $d_{B2}$ in the proposed REC-PAKA protocol, session keys in different key agreements are independent. Thus, the knowledge of previous session keys does not help Eve to obtain any future session keys. Hence, the proposed REC-PAKA has the property of known-key security.

3.5 Perfect forward secrecy

Perfect forward secrecy means that if long-term private keys of one or more entities are compromised, the secrecy of previous session keys established by honest entities is not affected. If the user's password $S$ is compromised, it does not allow an attacker Eve to determine the session key $sk$ for past sessions and decrypt them, since Eve is still faced with the Elliptic Curve Diffie-Hellman Problem (ECDHP). Hence, the proposed REC-PAKA has the property of perfect forward secrecy.

3.6 Mutual authentication

Mutual authentication means that both the user and server are authenticated to each other within the same protocol, while explicit key authentication is the property obtained when both implicit key authentication and key confirmation hold. As such, the proposed scheme uses the Elliptic Curve Diffie-Hellman key exchange algorithm to provide mutual authentication, then the key is explicitly authenticated by a mutual confirmation of the fresh session key $K_A$ (or $K_B$). Hence, the proposed REC-PAKA provides mutual authentication.

4 Conclusions

This paper proposed a robust password authenticated key agreement protocol based on elliptic curves for wireless mobile networks that provides secure mutual authentication and key agreement with key confirmation. The proposed REC-PAKA protocol achieves many of the desirable security requirements and performance properties. As a result, the proposed REC-PAKA protocol provides more security, and can be executed more securely, than other previously proposed related protocols.

Acknowledgements

This work was supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education, Science and Technology (No. 2010-0010106).

References

[1] N. Koblitz, Elliptic curve cryptosystems, Mathematics of Computation, 48 (1987), 203-209. http://dx.doi.org/10.2307/2007884

[2] V. S. Miller, Use of elliptic curves in cryptography, Proceedings of Advances in Cryptology, Crypto '85, 128 (1985), 417-426.

[3] A. Sui, L. Hui, S. Yiu, K. Chow, W. Tsang, C. Chong, K. Pun, H. Chan, An improved authenticated key agreement protocol with perfect forward secrecy for wireless mobile communication, IEEE Wireless Communications and Networking Conference (WCNC 2005), (2005), 2088-2093. http://dx.doi.org/10.1109/wcnc.2005.1424840

[4] R. Lu, Z. Cao, H. Zhu, An enhance authentication key agreement protocol for wireless mobile communication, Computer Standards and Interfaces, 29 (2007), 647-652. http://dx.doi.org/10.1016/j.csi.2007.04.002

[5] C. Chang, S. Chang, An improved authentication key agreement protocol based on elliptic curve for wireless mobile networks, International Conference on IEEE Intelligent Information Hiding and Multimedia Signal Processing, 1 (2008), 1375-1378. http://dx.doi.org/10.1109/iih-msp.2008.14

[6] H.S. Ahn, E.J. Yoon, Cryptanalysis of Chang-Chang's EC-PAKA protocol for wireless mobile networks, World Academy of Science, Engineering & Technology, 68(1) (2012), 33-35.

Received: October 8, 2014; Published: November 20, 2014